wip

2 years ago · 2ce753bf47
4 changed files with 42 additions and 9 deletions
--- a/tekton/pipeline-build-multiarch.yaml
+++ b/tekton/pipeline-build-multiarch.yaml
@ -16,6 +16,9 @@ spec:
  - name: manifest-name
    type: string
    default: "tekton"
+  - name: context-dir
+    type: string
+    default: "."

  tasks:

@ -39,8 +42,8 @@ spec:
    params:
    - name: manifest-name
      value: $(params.manifest-name)
-    - name: arch
-      value: "amd64"
+    - name: context-dir
+      value: $(params.context-dir)
    workspaces:
    - name: source-workspace
      workspace: source-workspace
@ -54,8 +57,8 @@ spec:
    params:
    - name: manifest-name
      value: $(params.manifest-name)
-    - name: arch
-      value: "arm64"
+    - name: context-dir
+      value: $(params.context-dir)
    workspaces:
    - name: source-workspace
      workspace: source-workspace
--- a/tekton/pipelinerun.yaml
+++ b/tekton/pipelinerun.yaml
@ -10,6 +10,8 @@ spec:
    value: https://github.com/nmasse-itix/tekton-pipeline-multiarch.git
  - name: docker-image-name
    value: quay.io/nmasse_itix/htop-multiarch
+  - name: context-dir
+    value: src
  workspaces:
  - name: container-storage
    volumeClaimTemplate:
--- a/tekton/serviceaccount-buildbot.yaml
+++ b/tekton/serviceaccount-buildbot.yaml
@ -4,3 +4,29 @@ metadata:
  name: buildbot
 imagePullSecrets:
 - name: quay-authentication
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: buildbot-scc
+rules:
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - privileged
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: buildbot-scc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: buildbot-scc
+subjects:
+- kind: ServiceAccount
+  name: buildbot
--- a/tekton/task-podman-build.yaml
+++ b/tekton/task-podman-build.yaml
@ -9,8 +9,6 @@ spec:
  - name: context-dir
    type: string
    default: .
-  - name: arch
-    type: string
  workspaces:
  - name: source-workspace
    description: Workspace containing source code
@ -19,9 +17,13 @@ spec:
    mountPath: /var/lib/containers
  steps:
  - name: build
-    image: quay.io/podman/stable
+    image: registry.redhat.io/rhel8/buildah@sha256:b48f410efa0ff8ab0db6ead420a5d8d866d64af846fece5efb185230d7ecf591
    script: |
      #!/bin/bash
      set -Eeuo pipefail
-      export STORAGE_DRIVER=vfs
-      podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
+      buildah bud --storage-driver=vfs --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
+      #podman build --no-cache --manifest $(params.manifest-name) $(workspaces.source-workspace.path)/$(params.context-dir)
+    securityContext:
+      capabilities:
+        add:
+          - SETFCAP